Home

Awesome

CyberTruckChallenge19

Android security workshop taught at the CyberTruck Challenge 2019 (Detroit USA). Further info at https://www.cybertruckchallenge.org

Description

A new mobile remote keyless system "CyberTruck" has been implemented by one of the most well-known car security companies "NowSecure Mobile Vehicles". The car security company has ensured that the system is entirely uncrackable and therefore attackers will not be able to recover secrets within the mobile application.

If you are an experienced Android reverser, then enable the tamperproof button to harden the application before unlocking your cars. Your goal will consist on recovering up to 6 secrets in the application.

Material

The content is provided in folders such as:

Mobile CTF: Android Crackme

It is required to have an Android device either emulated or physical. During the workshop we employed an AVD Google Pixel 2XL running Android 9.0 that it can be obtained for free with Android Studio. Additionally, the tamperproof check needs to have the Frida server binary placed in /data/local/tmp/frida-server.

logo

Challenge1 to unlock car1. "DES key: Completely Keyless. Completely safe"

Challenge2 to unlock car2: "AES key: Your Cell Mobile Is Your Key"

Challenge3 to unlock car3. "Mr Truck: Unlock me Baby!"

Contact

Eduardo Novella enovella@nowsecure.com

Public Write-ups